fangkyi03 / react-demo Goto Github PK

Vulnerabilities

DepShield reports that this application's usage of q:1.5.1 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

q:1.5.1 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ css-loader:0.26.4
              └─ cssnano:3.10.0
                    └─ postcss-svgo:2.1.6
                          └─ svgo:0.7.2
                                └─ coa:1.0.4
                                      └─ q:1.5.1
        └─ webpack-visualizer-plugin:0.1.11
              └─ react:0.14.9
                    └─ envify:3.4.1
                          └─ jstransform:11.0.3
                                └─ commoner:0.10.8
                                      └─ q:1.5.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._isiterateecall:3.0.9 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._isiterateecall:3.0.9 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ lodash.create:3.1.1
                    └─ lodash._isiterateecall:3.0.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.uniq:4.5.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniq:4.5.0 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ css-loader:0.26.4
              └─ cssnano:3.10.0
                    └─ postcss-merge-rules:2.1.2
                          └─ caniuse-api:1.6.1
                                └─ lodash.uniq:4.5.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.keys:3.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.keys:3.1.2 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ rc-table:5.6.13
              └─ shallowequal:0.2.2
                    └─ lodash.keys:3.1.2
        └─ rc-util:4.5.1
              └─ shallowequal:0.2.2
                    └─ lodash.keys:3.1.2

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ lodash.create:3.1.1
                    └─ lodash._baseassign:3.2.0
                          └─ lodash.keys:3.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of mime:1.3.6 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

mime:1.3.6 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ url-loader:0.5.9
              └─ mime:1.3.6

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._getnative:3.9.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._getnative:3.9.1 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ rc-table:5.6.13
              └─ shallowequal:0.2.2
                    └─ lodash.keys:3.1.2
                          └─ lodash._getnative:3.9.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.9 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.9 is a transitive dependency introduced by the following direct dependency(s):

• babel-eslint:7.2.3
        └─ babel-traverse:6.26.0
              └─ debug:2.6.9

• eslint:3.19.0
        └─ debug:2.6.9

• eslint-plugin-import:2.13.0
        └─ debug:2.6.9
        └─ eslint-import-resolver-node:0.3.2
              └─ debug:2.6.9
        └─ eslint-module-utils:2.2.0
              └─ debug:2.6.9

• roadhog:0.5.4
        └─ babel-core:6.26.3
              └─ debug:2.6.9
        └─ chokidar:1.7.0
              └─ fsevents:1.2.4
                    └─ node-pre-gyp:0.10.0
                          └─ needle:2.2.0
                                └─ debug:2.6.9
        └─ detect-port:1.2.3
              └─ debug:2.6.9
        └─ react-dev-utils:0.4.2
              └─ sockjs-client:1.0.3
                    └─ debug:2.6.9
        └─ webpack-dev-server:1.16.5
              └─ compression:1.7.2
                    └─ debug:2.6.9
              └─ express:4.16.3
                    └─ body-parser:1.18.2
                          └─ debug:2.6.9
                    └─ debug:2.6.9
                    └─ finalhandler:1.1.1
                          └─ debug:2.6.9
                    └─ send:0.16.2
                          └─ debug:2.6.9
              └─ serve-index:1.9.1
                    └─ debug:2.6.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.create:3.1.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.create:3.1.1 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ lodash.create:3.1.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._basecopy:3.0.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._basecopy:3.0.1 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ lodash.create:3.1.1
                    └─ lodash._baseassign:3.2.0
                          └─ lodash._basecopy:3.0.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of growl:1.9.2 results in the following vulnerability(s):

• (CVSS 8.8) CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
• (CVSS 8.8) CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Occurrences

growl:1.9.2 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ growl:1.9.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isfunction:3.0.9 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.isfunction:3.0.9 is a transitive dependency introduced by the following direct dependency(s):

• dva:1.2.1
        └─ lodash.isfunction:3.0.9

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of url-parse:1.4.1 results in the following vulnerability(s):

• (CVSS 6.1) CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

Occurrences

url-parse:1.4.1 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ react-dev-utils:0.4.2
              └─ sockjs-client:1.0.3
                    └─ eventsource:0.1.6
                          └─ original:1.0.1
                                └─ url-parse:1.4.1
                    └─ url-parse:1.4.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.memoize:4.1.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.memoize:4.1.2 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ css-loader:0.26.4
              └─ cssnano:3.10.0
                    └─ postcss-merge-rules:2.1.2
                          └─ caniuse-api:1.6.1
                                └─ lodash.memoize:4.1.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of hoek:2.16.3 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3728] Improper Access Control

Occurrences

hoek:2.16.3 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ less:2.7.3
              └─ request:2.81.0
                    └─ hawk:3.1.3
                          └─ boom:2.10.1
                                └─ hoek:2.16.3
                          └─ hoek:2.16.3
                          └─ sntp:1.0.9
                                └─ hoek:2.16.3

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._baseassign:3.2.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._baseassign:3.2.0 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ lodash.create:3.1.1
                    └─ lodash._baseassign:3.2.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isarray:3.0.4 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.isarray:3.0.4 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ rc-table:5.6.13
              └─ shallowequal:0.2.2
                    └─ lodash.keys:3.1.2
                          └─ lodash.isarray:3.0.4

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash._basecreate:3.0.3 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash._basecreate:3.0.3 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ lodash.create:3.1.1
                    └─ lodash._basecreate:3.0.3

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of cryptiles:2.0.5 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2018-1000620] Insufficient Entropy

Occurrences

cryptiles:2.0.5 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ less:2.7.3
              └─ request:2.81.0
                    └─ hawk:3.1.3
                          └─ cryptiles:2.0.5

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.debounce:4.0.8 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.debounce:4.0.8 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ lodash.debounce:4.0.8
        └─ rc-steps:2.5.2
              └─ lodash.debounce:4.0.8
        └─ rc-tabs:9.1.11
              └─ lodash.debounce:4.0.8
        └─ react-lazy-load:3.0.13
              └─ lodash.debounce:4.0.8

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.camelcase:4.3.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.camelcase:4.3.0 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ css-loader:0.26.4
              └─ lodash.camelcase:4.3.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash:4.17.10 results in the following vulnerability(s):

• (CVSS 9.8) [CVE-2018-16487] A prototype pollution vulnerability was found in lodash <4.17.11 where the funct...

Occurrences

lodash:4.17.10 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ rc-editor-mention:0.6.14
              └─ rc-editor-core:0.7.9
                    └─ lodash:4.17.10
        └─ rc-form:1.4.8
              └─ lodash:4.17.10

• babel-eslint:7.2.3
        └─ babel-traverse:6.26.0
              └─ lodash:4.17.10
        └─ babel-types:6.26.0
              └─ lodash:4.17.10

• babel-plugin-import:1.8.0
        └─ @babel/helper-module-imports:7.0.0-beta.53
              └─ @babel/types:7.0.0-beta.53
                    └─ lodash:4.17.10
              └─ lodash:4.17.10

• dva:1.2.1
        └─ react-redux:4.4.9
              └─ lodash:4.17.10
        └─ redux:3.7.2
              └─ lodash:4.17.10

• eslint:3.19.0
        └─ inquirer:0.12.0
              └─ lodash:4.17.10
        └─ lodash:4.17.10
        └─ table:3.8.3
              └─ lodash:4.17.10

• eslint-plugin-import:2.13.0
        └─ lodash:4.17.10

• roadhog:0.5.4
        └─ atool-monitor:0.3.5
              └─ form-data:1.0.1
                    └─ async:2.6.1
                          └─ lodash:4.17.10
        └─ babel-core:6.26.3
              └─ babel-generator:6.26.1
                    └─ lodash:4.17.10
              └─ babel-template:6.26.0
                    └─ lodash:4.17.10
              └─ lodash:4.17.10
        └─ babel-preset-es2015:6.24.1
              └─ babel-plugin-transform-es2015-block-scoping:6.26.0
                    └─ lodash:4.17.10
              └─ babel-plugin-transform-es2015-classes:6.24.1
                    └─ babel-helper-define-map:6.26.0
                          └─ lodash:4.17.10
              └─ babel-plugin-transform-es2015-sticky-regex:6.24.1
                    └─ babel-helper-regex:6.26.0
                          └─ lodash:4.17.10
        └─ babel-register:6.26.0
              └─ lodash:4.17.10
        └─ http-proxy-middleware:0.17.4
              └─ lodash:4.17.10

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of mocha:3.5.3 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

mocha:3.5.3 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of d:1.0.0 results in the following vulnerability(s):

• (CVSS 7.5) CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Occurrences

d:1.0.0 is a transitive dependency introduced by the following direct dependency(s):

• eslint:3.19.0
        └─ escope:3.6.0
              └─ es6-map:0.1.5
                    └─ d:1.0.0
                    └─ es6-iterator:2.0.3
                          └─ d:1.0.0
                    └─ es6-set:0.1.5
                          └─ d:1.0.0
                    └─ es6-symbol:3.1.1
                          └─ d:1.0.0
                    └─ event-emitter:0.3.5
                          └─ d:1.0.0
              └─ es6-weak-map:2.0.2
                    └─ d:1.0.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.isarguments:3.1.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)

Occurrences

lodash.isarguments:3.1.0 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ rc-table:5.6.13
              └─ shallowequal:0.2.2
                    └─ lodash.keys:3.1.2
                          └─ lodash.isarguments:3.1.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.uniqby:4.7.0 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.uniqby:4.7.0 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ lodash.uniqby:4.7.0

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of webpack-dev-server:1.16.5 results in the following vulnerability(s):

• (CVSS 7.5) [CVE-2018-14732] Improper Input Validation
• (CVSS 6.9) CWE-346: Origin Validation Error

Occurrences

webpack-dev-server:1.16.5 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ webpack-dev-server:1.16.5

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.get:4.4.2 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.get:4.4.2 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ rc-table:5.6.13
              └─ lodash.get:4.4.2

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of tar:4.4.1 results in the following vulnerability(s):

• (CVSS 7.5) [CVE-2018-20834] Improper Link Resolution Before File Access ("Link Following")
• (CVSS 7.5) CWE-62: UNIX Hard Link

Occurrences

tar:4.4.1 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ chokidar:1.7.0
              └─ fsevents:1.2.4
                    └─ node-pre-gyp:0.10.0
                          └─ tar:4.4.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of lodash.throttle:4.1.1 results in the following vulnerability(s):

• (CVSS 7.4) CWE-471: Modification of Assumed-Immutable Data (MAID)
• (CVSS 6.5) [CVE-2018-3721] lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutabl...

Occurrences

lodash.throttle:4.1.1 is a transitive dependency introduced by the following direct dependency(s):

• antd:2.13.14
        └─ react-lazy-load:3.0.13
              └─ lodash.throttle:4.1.1

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}

Vulnerabilities

DepShield reports that this application's usage of debug:2.6.8 results in the following vulnerability(s):

• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')
• (CVSS 7.5) CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion')

Occurrences

debug:2.6.8 is a transitive dependency introduced by the following direct dependency(s):

• roadhog:0.5.4
        └─ mocha:3.5.3
              └─ debug:2.6.8

_{This is an automated GitHub Issue created by Sonatype DepShield. Details on managing GitHub Apps, including DepShield, are available for personal and organization accounts. Please submit questions or feedback about DepShield to the Sonatype DepShield Community.}